Home/ Questions/Q 8515045
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T05:02:10+00:00

I have a question about realm authentication, where glassfish create more than one http

  • 0

I have a question about realm authentication, where glassfish create more than one http session. Here’s an example

Web.xml:

<security-constraint>
    <web-resource-collection>
      <web-resource-name>AllPages</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>FileRealm</realm-name>
  </login-config>
<security-constraint>

glassfish-web.xml:

  <security-role-mapping>
    <role-name>user</role-name>
    <group-name>users</group-name>
  </security-role-mapping>

login.jsp:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Welcome Page</title>
</head>
<body>
<p>You have successfully logged into the application.</p>
<a href="./home.jsp">go to home</a>
</body>
</html>

SessionListener:

@WebListener public class SessionListener implements
HttpSessionListener {

public void sessionCreated(HttpSessionEvent arg0) {

System.out.println(“Session created id:”+arg0.getSession().getId());
}

public void sessionDestroyed(HttpSessionEvent arg0) {

  System.out.println("Session destroyed id:"+arg0.getSession().getId());

}

}

When I authenticate, glassfish create a new session:

INFO: Session created id:29c5d904db0e40b9cfbdac40aa5e

And when I click on “go to home” link or refresh the page, glassfish create another http session:

INFO: Session created id:2a67270137e38c150bf3690e2e46

And I also noticed that glassfish never destroy the first created session.

Thank’s for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This is probably a Glassfish Bug.
    Try add context.xml to your META-INF directory with this option:

    <?xml version='1.0' encoding='utf-8'?>
<Context>
<Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
changeSessionIdOnAuthentication="false" />
</Context>

    or (in case web form authentication):

    <?xml version='1.0' encoding='utf-8'?>
<Context>
<Valve className="org.apache.catalina.authenticator.FormAuthenticator"
changeSessionIdOnAuthentication="false" />
</Context>

    This should (temporary) solve your problem!

    • 0